tomcat-users mailing list archives

Hi all,
well I have, in my opinion, a very interesting question.
Last week we went in a production enviroment: we have apache + tomcat with an important web
application xxx (http.conf has JkMount /xxx worker).
Well, this morning I have discovered that somebody has tried to attack my server: in the Apache
error log I have found calls as /scripts/..%5c%5c../winnt/system32/cmd.exe, /scripts/.....,
and so on.
My question is: is Tomcat secure? How can I do Tomcat secure? Is all my system secure? ( my
machine is a solaris 8).
Thanks
Laura